marcocesarato/amwscan
Composer 安装命令:
composer require marcocesarato/amwscan
包简介
AMWSCAN (Antimalware Scanner) is a php antimalware/antivirus scanner console script written in php for scan your project. This can work on php projects and a lot of others platform.
关键字:
README 文档
README
PHP Antimalware Scanner
If this project helped you out, please support us with a star ⭐
Description
PHP Antimalware Scanner is a free tool to scan PHP files and analyze your project to find any malicious code inside it.
It provides an interactive text terminal console interface to scan a file, or all files in a given directory (file paths
can also be managed using --filter-paths or --ignore-paths), and find PHP code files that seem to contain malicious
code. When a probable malware is detected, will be asked what action to take (like add to the whitelist, delete files, try
clean infected code, etc).
The package can also scan the PHP files in a report mode (--report|-r), so without interacting and outputting anything to
the terminal console. In that case, the results will be stored in a report file in HTML (default) or text
format (--report-format <format>).
This scanner can work on your own php projects and on a lot of other platforms using the right combination of
configurations (ex. using --lite|-l flag can help to find less false positivity).
⚠️ Remember that you will be solely responsible for any damage to your computer system or loss of data that results from such activities. You are solely responsible for adequate protection and backup of the data before executing the scanner.
How to contribute
Have an idea? Found a bug? Please raise to ISSUES or PULL REQUEST. Contributions are welcome and are greatly appreciated! Every little bit helps.
📘 Requirements
- php 7.4+ (PHP 8.x recommended)
- php-xml
- php-zip
- php-mbstring
- php-json
- php-common
- php-curl
- php-gd
📖 Install
Release
You can use one of these methods to install the scanner by downloading it from GitHub or directly from the console.
Download
Go to the GitHub page and press on the Releases tab or download the raw file from:
Console
-
Run this command from the console (the scanner will be downloaded to your current directory):
wget https://raw.githubusercontent.com/marcocesarato/PHP-Antimalware-Scanner/master/dist/scanner -
Run the scanner:
php scanner ./dir-to-scan -l ... -
(Optional) Install as bin command (Unix Bash)
Run this command:
wget https://raw.githubusercontent.com/marcocesarato/PHP-Antimalware-Scanner/master/dist/scanner -O /usr/bin/awscan.phar && \ printf '#!/bin/bash\nphp /usr/bin/awscan.phar $@' > /usr/bin/awscan && \ chmod u+x,g+x /usr/bin/awscan.phar && \ chmod u+x,g+x /usr/bin/awscan && \ export PATH=$PATH":/usr/bin"
Now you can run the scanner simply with this command:
awscan ./dir-to-scan -l...
Composer
The package is available on Packagist.
Global Installation (recommended)
For system-wide installation, use:
composer global require marcocesarato/amwscan
After installation, run the scanner using:
php $(composer global config home)/vendor/marcocesarato/amwscan/src/index.php <path-to-scan> [options]
Or create an alias for easier usage:
alias amwscan='php $(composer global config home)/vendor/marcocesarato/amwscan/src/index.php'
Then you can run: amwscan <path-to-scan> [options]
Project-Level Installation
For installing within a specific project:
composer require marcocesarato/amwscan
After installation, run the scanner using:
php vendor/marcocesarato/amwscan/src/index.php <path-to-scan> [options]
Source
Download
Click the GitHub page "Clone or download" or download from:
Git
- Install git
- Copy the command and link from below in your terminal:
git clone https://github.com/marcocesarato/PHP-Antimalware-Scanner - Change directories to the new
~/PHP-Antimalware-Scannerdirectory:cd ~/PHP-Antimalware-Scanner/ - To ensure that your master branch is up-to-date, use the pull command:
git pull https://github.com/marcocesarato/PHP-Antimalware-Scanner - Enjoy
🐳 Docker
- Download the source
- Build command
docker build --tag amwscan-docker . - Run command
docker run -it --rm amwscan-docker bash
🧪 Testing
The project includes a comprehensive test suite with unit and integration tests.
Running Tests
# Run all tests composer test # Run only unit tests composer test:unit # Run only integration tests composer test:integration # Generate coverage report composer test:coverage
Writing Tests
Tests are organized into:
- Unit Tests (
tests/Unit/) - Fast, isolated tests for individual classes - Integration Tests (
tests/Integration/) - CLI execution tests with various configurations - Test Fixtures (
tests/Fixtures/) - Sample files for testing (clean, malware, obfuscated)
For detailed information on writing and debugging tests, see TESTING.md.
Continuous Integration
Tests run automatically on pull requests and pushes across multiple PHP versions (7.4, 8.0, 8.1, 8.2, 8.3).
🔎 Scanning mode
The first think you need to decide is the strength, you need to calibrate your scan to find less false positive as possible during scanning without miss for real malware. For this you can choose the aggression level.
The scanner permit to have some predefined modes:
| Mode | Alias | 🚀 | Description |
|---|---|---|---|
| None (default) | 🔴 | Search for all functions, exploits and malware signs without any restrictions | |
| Only exploits | -e |
🟠 | Search only for exploits definitions Use flag: --only-exploits |
| Lite mode | -l |
🟡 | Search for exploits with some restrictions and malware signs (on Wordpress and others platform could detect less false positivity) Use flag: --lite |
| Only functions | -f |
🟡 | Search only for functions (on some obfuscated code functions couldn't be detected) Use flag: --only-functions |
| Only signatures | -s |
🟢 | Search only for malware signatures (could be a good solution for Wordpress and others platform to detect less false positivity) Use flag: --only-signatures |
💻 Usage
Command line
php amwscan ./mywebsite/http/ -l -s --only-exploits
php amwscan -s --max-filesize="5MB"
php amwscan -s -logs="/user/marco/scanner.log"
php amwscan --lite --only-exploits
php amwscan --exploits="double_var2" --functions="eval, str_replace"
php amwscan --ignore-paths="/my/path/*.log,/my/path/*/cache/*"
Doesn't work?
In case above command doesn't work, you can use script responsible for malware scan manually by executing:
php dist/scanner <path>
To check all options check the Documentation
Suggestions
If you are running the scanner on a Wordpress project or other popular platform use --only-signatures or --lite flag
to have check with less false positive but this could miss some dangerous exploits like nano.
Programmatically
On programmatically silent mode and auto skip are automatically enabled.
use AMWScan\Scanner; $app = new Scanner(); $report = $app->setPathScan("my/path/to/scan") ->enableBackups() ->setPathBackups("/my/path/backups") ->enableLiteMode() ->setAutoClean() ->run();
Report Object
object(stdClass) (7) { ["scanned"] => int(0) ["detected"] => int(0) ["removed"] => array(0) {} ["ignored"] => array(0) {} ["edited"] => array(0) {} ["quarantine"] => array(0) {} ["whitelist"] => array(0) {} }
🎨 Screenshots
Report
HTML report format (
default)
Interactive CLI
marcocesarato/amwscan 适用场景与选型建议
marcocesarato/amwscan 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 19.37k 次下载、GitHub Stars 达 770, 最近一次更新时间为 2019 年 02 月 11 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「code」 「shell」 「tool」 「base64」 「decode」 「scanner」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 marcocesarato/amwscan 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 marcocesarato/amwscan 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 marcocesarato/amwscan 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Memio's PrettyPrinter, used to generate PHP code from given Model
Backend Google Sign On for Magento 2
Shell command module for PHP.
PHP library for the MUMSYS project
An app setting manager tool for laravel nova
PHP Automation Tools
统计信息
- 总下载量: 19.37k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 770
- 点击次数: 9
- 依赖项目数: 1
- 推荐数: 0
其他信息
- 授权协议: GPL-3.0-or-later
- 更新时间: 2019-02-11


